From 33111c910bf8c138f3be1cef99b318e26fb28a04 Mon Sep 17 00:00:00 2001
From: Joel Cunningham <joel.cunningham@me.com>
Date: Sat, 8 Oct 2016 12:04:15 -0500
Subject: [PATCH] Check for NULL qsort() base pointers

There are a couple of places in wpa_supplicant/hostapd where qsort() can
be called with a NULL base pointer. This results in undefined behavior
according to the C standard and with some standard C libraries (ARM RVCT
2.2) results in a data abort/memory exception. Fix this by skipping such
calls since there is nothing needing to be sorted.

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
---
 hostapd/config_file.c | 3 ++-
 wpa_supplicant/scan.c | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 9c744de..8e7bcc7 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -208,7 +208,8 @@ static int hostapd_config_read_maclist(const char *fname,
 
 	fclose(f);
 
-	qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
+	if (*acl)
+		qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp);
 
 	return 0;
 }
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index fb8ebdf..bfde0af 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -2177,8 +2177,10 @@ wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
 	}
 #endif /* CONFIG_WPS */
 
-	qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *),
-	      compar);
+	if (scan_res->res) {
+		qsort(scan_res->res, scan_res->num,
+		      sizeof(struct wpa_scan_res *), compar);
+	}
 	dump_scan_res(scan_res);
 
 	wpa_bss_update_start(wpa_s);
-- 
2.9.3

